Fix the ability to disable ModSecurity at location level

- Adds 'modsecurity off;' to the nginx config if the 'enable-modsecurity' annotation is set to false. - Update tests and e2e tests accordingly Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
2020-03-22 01:05:07 +05:30 · 2020-03-22 01:05:07 +05:30 · 380ef3a92c
commit 380ef3a92c
parent 8f4d5f8b34
5 changed files with 84 additions and 27 deletions
--- a/internal/ingress/annotations/modsecurity/main.go
+++ b/internal/ingress/annotations/modsecurity/main.go
@ -25,6 +25,7 @@ import (
 // Config contains ModSecurity Configuration items
 type Config struct {
 	Enable        bool   `json:"enable-modsecurity"`
+	EnableSet     bool   `json:"enable-modsecurity-set"`
 	OWASPRules    bool   `json:"enable-owasp-core-rules"`
 	TransactionID string `json:"modsecurity-transaction-id"`
 	Snippet       string `json:"modsecurity-snippet"`
@ -41,6 +42,9 @@ func (modsec1 *Config) Equal(modsec2 *Config) bool {
 	if modsec1.Enable != modsec2.Enable {
 		return false
 	}
+	if modsec1.EnableSet != modsec2.EnableSet {
+		return false
+	}
 	if modsec1.OWASPRules != modsec2.OWASPRules {
 		return false
 	}
@ -69,9 +73,11 @@ func (a modSecurity) Parse(ing *networking.Ingress) (interface{}, error) {
 	var err error
 	config := &Config{}

+	config.EnableSet = true
 	config.Enable, err = parser.GetBoolAnnotation("enable-modsecurity", ing)
 	if err != nil {
 		config.Enable = false
+		config.EnableSet = false
 	}

 	config.OWASPRules, err = parser.GetBoolAnnotation("enable-owasp-core-rules", ing)